Document error behavior of PKCS5_PBKDF2_HMAC and EVP_PBE_scrypt
Change-Id: I5ce176538a53136aff3eea4af04b762ac9a5a994 Reviewed-on: https://boringssl-review.googlesource.com/31044 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
1c2779e819
commit
21558f43ce
@ -187,6 +187,10 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
block_t *T = B + B_blocks;
|
block_t *T = B + B_blocks;
|
||||||
block_t *V = T + T_blocks;
|
block_t *V = T + T_blocks;
|
||||||
|
|
||||||
|
// NOTE: PKCS5_PBKDF2_HMAC can only fail due to allocation failure
|
||||||
|
// or |iterations| of 0 (we pass 1 here). This is consistent with
|
||||||
|
// the documented failure conditions of EVP_PBE_scrypt.
|
||||||
if (!PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, 1,
|
if (!PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, 1,
|
||||||
EVP_sha256(), B_bytes, (uint8_t *)B)) {
|
EVP_sha256(), B_bytes, (uint8_t *)B)) {
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -417,7 +417,7 @@ OPENSSL_EXPORT int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
|
|||||||
|
|
||||||
// PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password|
|
// PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password|
|
||||||
// and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It
|
// and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It
|
||||||
// returns one on success and zero on error.
|
// returns one on success and zero on allocation failure or if iterations is 0.
|
||||||
OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
|
OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
|
||||||
const uint8_t *salt, size_t salt_len,
|
const uint8_t *salt, size_t salt_len,
|
||||||
unsigned iterations, const EVP_MD *digest,
|
unsigned iterations, const EVP_MD *digest,
|
||||||
@ -433,12 +433,20 @@ OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC_SHA1(const char *password,
|
|||||||
|
|
||||||
// EVP_PBE_scrypt expands |password| into a secret key of length |key_len| using
|
// EVP_PBE_scrypt expands |password| into a secret key of length |key_len| using
|
||||||
// scrypt, as described in RFC 7914, and writes the result to |out_key|. It
|
// scrypt, as described in RFC 7914, and writes the result to |out_key|. It
|
||||||
// returns one on success and zero on error.
|
// returns one on success and zero on allocation failure, if the memory required
|
||||||
|
// for the operation exceeds |max_mem|, or if any of the parameters are invalid
|
||||||
|
// as described below.
|
||||||
//
|
//
|
||||||
// |N|, |r|, and |p| are as described in RFC 7914 section 6. They determine the
|
// |N|, |r|, and |p| are as described in RFC 7914 section 6. They determine the
|
||||||
// cost of the operation. If the memory required exceeds |max_mem|, the
|
// cost of the operation. If |max_mem| is zero, a defult limit of 32MiB will be
|
||||||
// operation will fail instead. If |max_mem| is zero, a defult limit of 32MiB
|
// used.
|
||||||
// will be used.
|
//
|
||||||
|
// The parameters are considered invalid under any of the following conditions:
|
||||||
|
// - |r| or |p| are zero
|
||||||
|
// - |p| > (2^30 - 1) / |r|
|
||||||
|
// - |N| is not a power of two
|
||||||
|
// - |N| > 2^32
|
||||||
|
// - |N| > 2^(128 * |r| / 8)
|
||||||
OPENSSL_EXPORT int EVP_PBE_scrypt(const char *password, size_t password_len,
|
OPENSSL_EXPORT int EVP_PBE_scrypt(const char *password, size_t password_len,
|
||||||
const uint8_t *salt, size_t salt_len,
|
const uint8_t *salt, size_t salt_len,
|
||||||
uint64_t N, uint64_t r, uint64_t p,
|
uint64_t N, uint64_t r, uint64_t p,
|
||||||
|
Loading…
Reference in New Issue
Block a user